• Medical firm avoids Exchange nightmare with outside help

  By Tim Greene | 22 May, 2012 05:31

  International medical vendor Mediq was expanding in a big way by acquisition and needed a standard email platform across its business, but the project's cost and the complexity of doing it alone was so daunting that the company called on outside help that costs it less in the long run.

• 5 signs that you've lost control over your Cloud apps

  By Carolyn Duffy Marsan | 12 March, 2012 21:28

  CIOs are waking up to the reality that they've lost control over access to data stored in software-as-a-service applications purchased by other departments.

• IETF explores new working group on identity management in the cloud

  By Carolyn Duffy Marsan | 09 March, 2012 22:35

  Proponents of a common scheme for managing user identity in cloud-based applications will pitch their idea to the Internet's premier standards-setting body at a meeting in Paris later this month.

• Use Analytics to Create a Greener Business

  By Elana Varon | 01 November, 2011 04:51

  Saab Group, a defense and aerospace company with a global supply chain and customers in 100 countries, must comply with a growing set of local environmental regulations and with customer requirements that it run a greener business. Plus, the $3.7 billion company has its own goals: cut its greenhouse gas emissions by 2 percent a year, save energy and water, increase recycling and reduce its use of hazardous chemicals.

• Start up offers Saas app to manage data-breach incidents

  By Ellen Messmer | 08 September, 2011 02:33

  If your company suffered a data breach, would you know what to do to comply with state, federal and local law? Start-up Co3 Systems is offering a software-as-a-service (SaaS) application to tackle that unhappy task, tracking how a corporate data-loss incident is handled.

• Cloud-Computing Services: Fine Print Disappointment Seen

  By Thomas Wailgum | 22 April, 2010 01:50

  This is the type of analyst report headline that cloud computing vendors don't want to read: "Empty Promises and Tough Luck: Yankee Group Exposes the Cloud's Fine Print."

• Where is Your Cloud? Four Compliance Best Practices

  By James Staten | 19 April, 2010 06:50

  If you think the phrase "It's in the cloud" means that your data resides on the Internet and is thus accessible everywhere equally, think again. Most infrastructure-as-a-service (IaaS) cloud services share the same residence model as traditional hosting and outsourcing deployments -- they live in specific data centers in specific geographies. This means that customer data is generated and most likely stored in this physical location, giving it legal and privacy implications.

• Compliance Under a Cloud

  By Jim Hietala | 25 February, 2010 11:33

  There's no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether they're lured by its compelling cost savings or its perceived advantages, security leaders are probing the capabilities and restrictions of the cloud. At the same time, security and compliance concerns remain issues holding large enterprises back from capitalizing on the cloud's benefits.

• Is Compliance in the Cloud Possible?

  By Jim Hietala | 07 January, 2010 06:47

  There is no doubt that cloud computing is dominating today's IT conversation among C-level security executives. Whether it's due to the compelling cost saving possibilities in a tough economy, or because of perceived advantages in provisioning flexibility, auto-scaling, and on-demand computing, CSOs are probing the capabilities, costs and restrictions of the cloud. At the same time, security and compliance concerns are at the forefront of issues potentially holding large enterprises back from capitalizing on the benefits that cloud computing has to offer.

• The Dangers of Over-Reliance on Compliance

  By Charles Cresson Wood and Kevin Beaver | 06 August, 2009 04:02

  Have you noticed that many of the firms suffering high profile, serious, and expensive information security breaches have nonetheless been 'compliant' with certain laws, regulations, or standards? Consider the case of credit card processor Heartland Payment Systems, which recently suffered the unauthorized disclosure of over 100 million credit card and debit card transactions. The firm handles the transactions of over 175,000 merchants. Hundreds of banks have already had to reissue cards as a result of the breach. Note that Heartland was, at the time, certified as fully Payment Card Industry (PCI) compliant. Many other organizations that fall under various Federal, state, and industry regulations are continually experiencing breaches as well.

Whitepapers about compliance

• 

  OVUM Report: Governance Risk and Compliance-- GRC usage and buying trends in the ANZ markets

  The existence of an established and stable governance risk and compliance strategy is extremely important to public and private sector organisations as they strive to meet an evergrowing range of regulatory demands. Given the current constraints, it is one of the few areas where the vast majority of organisations intend to either maintain or in many cases increase spending. Read more.

• 

  Seven Steps to Effective Data Governance

• 

  PCI DSS 2.0: The Challenge With Compliance and Security in a Virtual World

• 

  Cost Effective Security and Compliance with Oracle Database 11g Release 2